My coworker dug up his GCIH material from 2002.  I do not believe this would be an actual substitute of current GCIH material, but I wanted to know just how far away it is from the current revision.  Yes, I am aware that 7 years is a long time in infosec.

D'oh!  I wish I would have known.  I was approved for the GSEC in Orlando, but didn't go because it was not what I wanted.  I don't think my manager would support the work study endeavor if I am going with a cross my fingers approach.  Maybe for my next cert?

I signed up for the work study, but was not picked for the course I wanted.  I guess I could try it for all of the different SANS courses and see if my manager would pay for the $700 and room and board.

But by the time we add that all up he could just pay for the On Demand.  We will see, I just passed C|EH with self-study, so I'll start reading and then hit him up for some more money for training.

Well, I found a great eBay deal on Counter Hack Reloaded by Skoudis for $12.50 ($8.50 and $4 for shipping).  I'm also going to read that NIST IH document.  I think I'll be well covered for a little while.

it was my understanding that OSCP is a higher level than CEH.  I also had access to all the reading material for CEH for free through work.  That made the decision pretty easy for me.

I like the CEH because if I choose to, I can take the more advanced ECSA and obtain LPT.

Good luck!

By self study, I mean SELF STUDY. Not paying $3k for the SANS material.  I mean sitting down, cracking open books, maybe shell out for a CBT or DVD.  Other reading Counter Hack Reloaded and/or by following Ed Skoudis' around asking him questions until he caves in, do you have any recommendations for self study material?

I signed up for the work study here in Orlando, but got picked for the basic security course, GSEC I think.  Do I keep on submitting my application for facilitator until I get in the SEC504 class?  When I signed up I had to rate all the courses 1-30... I guess they filled my first choices with work study all ready.

My management is slowing down on their support, I still can't get them to come off the $30 for the book.  I'm trying to track down an inexpensive copy myself.  I tried doing the Brady Bunch challange here to win a signed copy, but I got lost before I even started.  Well, here's hoping I can get the cheap book.  Then maybe with some of the SANS reading room material I can actually pass this thing... either that or they finally approve our training budget (or I just get a job with another department that has a budget).

Would it be unethical if I sold my company bought CISSP books to fund my next cert?   At least ONE of them was given to me for my CISSP boot camp with no expectation of giving it back.  The others were given to me by my quasi-mentor who all ready passed CISSP.  Nobody else in my department wants them.

After about two moths of off and on studying I passed.  Unfortunately my energy and sugar levels dropped towards the end, but I still pulled through.

My study plan included reading the Offical CEH book by Graves, I should have skipped it and gone directly to Exam Prep by Gregg.  I found the Exam Prep had a deeper level of the material which represented what was on the test.  While the Offical CEH book was a good start, I felt it lacked the depth of Exam Prep.  Exam Prep explained some of the harder material is an easy to use format.  The chapter on cryptology was steller!  I wish I would have reviewed this before I sat for the CISSP.  In addition to the books I used the Career Academy's videos.  The video was a good solid foundation that went into a lot of the older software you may not find else where and some walk throughs you may not have the time to do on your own.  I previewed the CBT nuggets but I honestly could not take the jokes and unethical comments/stories he was telling.

I felt I should have done more studying with the specific tools like Ettercap, netcat, Snort, and Wireshark.  Having a lot of experience with NMAP definately helped.

My next plan is go self-study for GCIH, as long as my company will spring for the book.  I don't know why they are dragging their feet.  It's much cheaper than flying me to a SANS training.

-un

Great find!  Especially since my test is Friday and I thought I would be able to rely on Clement's CCCure CEH quiz database.  It turns out there are only 19 questions total.

My hopes are being crushed.  It turns out the two SANS seats were going to come on loan from another department with money to burn in the training budget.  My manager said it is not looking good that we will get them.

I still asked for the Counter Hack Reloaded by Ed Skoudis so I can begin my journey of self study.  I hope that our budget will finally be approved by the time I am ready.  I also have course material from 2004 when a co-worker went through the class that I can review for the basics.  Well, you win some and you lose some, eh?

I'm also continually sending email to my boss about discounts that SANS is offering (this month it's 20% off).

We will see.

In order to be eligible they would like you to all ready have two years of experience and have one of the following certification, CISSP; CISM; CISA; GPEN; GCIH; GIAC; GIAC; SSCP; SCNA; SCNP; GSLC; GISP;
ISSMP; ISSEP; ISSAP.  Additionally, you need to submit a professional resume, two letters of referral, 500-3000 word case study/white paper on a security topic.

It's a good deal if you have time to kill on a case study.  I'm considering it take the CHFI.

Well, I don't think I'm going SANS Orlando.  Which is a good thing because my wife is really busy this week with church.

Anyone going to InfoSec World 2009?  I'll be there Monday night, mainly at the ISSA booth, and then Tuesday afternoon for Dr. Diffie, one session, then back to the ISSA booth, and the CISSP reception.

Thanks everyone for the continuing input.

I am feeling really good about the test.  I am half way through the Exam Prep book by Michael Gregg.  I love the level of detail he goes into as well as the hands-on labs.  I don't feel that the Official book gave me enough information, but Exam Prep really does.  I hope to finish up the book this week and the week of the exam follow-up on my weakness.  Right now, I think my weakness is just memorizing port numbers for some of the services i've never been exposed to, as well as the ports for trojans.  I just finished the Linux chapter and feel comfortable with it, because I do log monitoring on UNIX on a day-to-day basis.

Thanks for all the input!  I will post my experience when my time comes.

My only concern is that I may get dropped into the Orlando session in two weeks, right before I sit for the CEH exam..  Other than that, I have my wife's full support.  Although, she wants me to take the training over the summer when she is able to be home with the baby (heck, she ain't a baby no more, she is going to turn 1 next week).  Unfortunately, my manager wants to get my counterpart and I training quickly so we can bring our Security Operation Center up to speed.

Seth, thanks for the input.  I will keep this under consideration.

I'm excited!  My manager is hot to trot to get me and my counterpart trained and certified for GCIH.  I am excited.  He told me our department has a seat for SANS.  From what dates and locations he was telling me I believe it is for one of the larger SANS conferences and not the community SANS.

I also told him that I would be open for doing the self-study method, either OnDemand or the Online classes with Ed in May.  I am sure that got his attention because that means he does not have to pay for my flight, nor does he have to pay my salary while I train.  I can do it completely off hours and on my own.  Which also means I may have more opportunities for additional training.

I know it may sound stupid for me not to take advantage of my company paying for everything, but I have a family at home that I want to be available for.  My wife is ok with being home for 6 days with the baby, because she understands how important this is to me and my career.. then ultimately to our finacial well being.

So, once I am done with the CEH, I plan on cracking open Counter Hack Reloaded and going for training. W00t!